cachito
cachito copied to clipboard
containerbuildsystem
use github purls for local dependencies in parent directories
This is a WIP and doesn't have tests added yet.
Diff of the content-manifest between https://github.com/taylormadore/cachito-gomod-local-parent-deps/commit/86609ba7aabeecad48524c05a2fa9cc53e051d8d (with local replacements) and https://github.com/taylormadore/cachito-gomod-local-parent-deps/commit/91f6a749ab70c4978df8fab701a748436539c58a (without local replacements): https://privatebin.corp.redhat.com/?453aa3e6bc8dd9a6#GTc2AKZj13ayya8Kc4gmPFV62qq8q7Untr8PfFexNNQQ
Diff of the content-manifest for lighthouse at https://github.com/submariner-io/lighthouse/commit/c454961ea91af3bc45a1f40e157083f32269049c https://privatebin.corp.redhat.com/?4a78985c98090f8e#CuQiRzhuPP61gFp31AhDUHEzfgqngtUPNHryQCVR6HML
Maintainers will complete the following section
- [ ] Commit messages are descriptive enough
- [ ] Code coverage from testing does not decrease and new code is covered
- [ ] New code has type annotations
- [ ] OpenAPI schema is updated (if applicable)
- [ ] DB schema change has corresponding DB migration (if applicable)
- [ ] README updated (if worker configuration changed, or if applicable)
The submariner/lighthouse manifest looks perfect to me :+1:
Ideally, we could do some validation to make sure the content manifest will be generate-able
Rebased on main, added some validation to fetch_gomod_source, and added partial unit test coverage
I decided to test a particularly nasty example (sorry): https://github.com/cachito-testing/cachito-gomod-local-parent-deps/commit/584bdfdb70279d2ada6e68028a684b6c8afa0767
Request:
{
"repo": "https://github.com/cachito-testing/cachito-gomod-local-parent-deps",
"ref": "584bdfdb70279d2ada6e68028a684b6c8afa0767",
"pkg_managers": ["gomod"],
"packages": {
"gomod": [{"path": "."}, {"path": "foo-module"}, {"path": "foo-module/bar-module"}]
}
}
Doesn't including the staging/... module and the request still passes (as it should, IMO)
But when you look at the content manifest:
curl localhost:8080/api/v1/requests/2/content-manifest | jq 'del(.image_contents[].dependencies[] | select(.purl | test("@") | not))'
Relevant part:
{
"dependencies": [
{
"purl": "pkg:golang/github.com%2Fcachito-testing%2Fcachito-gomod-local-parent-deps%[email protected]"
},
{
"purl": "pkg:golang/github.com%2Fcachito-testing%2Fcachito-gomod-local-parent-deps%2Ffoo-module%2Fbar-module%[email protected]"
},
{
"purl": "pkg:golang/github.com%2Fcachito-testing%2Fcachito-gomod-local-parent-deps%2Ffoo-module%[email protected]"
},
{
// Not sure if we can consider this correct. I would expect:
// pkg:golang/github.com/cachito-test/[email protected]#staging/src/spam-module/spam
"purl": "pkg:golang/github.com%2Fcachito-testing%2Fcachito-gomod-local-parent-deps%2Fstaging%2Fsrc%2Fspam-module%[email protected]"
}
],
"purl": "pkg:golang/github.com%2Fcachito-testing%2Fcachito-gomod-local-parent-deps%[email protected]",
"sources": [
{
"purl": "pkg:golang/github.com%2Fcachito-testing%2Fcachito-gomod-local-parent-deps%2Ffoo-module%[email protected]"
},
{
"purl": "pkg:golang/github.com%2Fcachito-testing%2Fcachito-gomod-local-parent-deps@v0.0.1-0.20230124152505-584bdfdb7027"
},
{
// I think this one was supposed to be spam-module (either this or the one above)
"purl": "pkg:golang/github.com%2Fcachito-testing%2Fcachito-gomod-local-parent-deps@v0.0.1-0.20230124152505-584bdfdb7027"
}
]
}
